Just When We Thought Santa Forgot To Put CISOs On His “Nice List”, Along Comes The Sony Breach

Stephanie Balaouras

Security pros got the Target breach for Christmas last year. The breach hit the retailer during its busiest time of the year and cost it millions in lost business. For security pros desperate for more budget and business prioritization, you couldn’t have asked for a more perfect present - it’s as if Santa himself came down the chimney and placed a beautifully wrapped gift box topped with a bow right under your own tree. This year it looked as if all we were getting was a lump of coal - but then Sony swooped in to save us like a Grinch realizing the true meaning of Christmas.
 
The Sony Pictures Entertainment (SPE) breach is still unfolding, but what we know so far is that a hacktivist group calling themselves the Guardians of Peace (GoP) attacked Sony in retribution for the production of a movie, “The Interview”, which uses the planned assassination of North Korea’s leader as comedic fodder. The hacktivists supposedly stole 100 TB of data that they are gleefully leaking bit by bit (imagine Jingle Bells as the soundtrack). The attack itself affected the availability of SPE’s IT infrastructure, forcing the company to halt production on several movies.
 

Are Corporations Getting More Responsible? Risk Management And Customer Obsession Are Pushing Them To

Chris McClean

Casual spectators of business behavior can't help being jaded; every day they see news stories about corporate fraud, security breaches, delayed safety recalls, and other sorts of general malfeasance. But what they don't see is the renewed time and investment companies around the world are putting toward implementing and reporting on responsible behavior (this less sensational side of the story gets far less coverage).

This week, Nick Hayes and I published an exciting new report, Meet Customers' Demands For Corporate Responsibility, which looks at the corporate responsibility reporting habits of the world's largest companies. While it's easy to think that the business community is as dirty as ever, we actually found a substantial increase over the past 6 years in what these companies included in their CSR and sustainability reports.


Happy Birthday Angry Birds! Thanks For The (In)Security!

Tyler Shields

Image Source: http://www.jbgnews.com/2014/09/angry-birds-developer-rovio-entertainment-struggling/430304.html

We’ve all done it. We've spent hours flinging birds at pigs, only to be frustrated with that one little piggy that got away. We can all thank the phenomenon “Angry Birds” for this wonderful experience. Today marks the fifth birthday of the release of the original Angry Birds. Since its release, the highly successful mobile game creator Rovio has gone on to sell hundreds of millions of dollars of mobile apps, licenses, and merchandise amassing $216M in revenue in 2013 alone. Who knew that a simple change in game mechanics could gain such a cult foothold with the public? From a business perspective, the team at appfigures did a great write-up on the history of the franchise, along with its successes and failures in the eyes of the public. If you’re interested in the business life cycle of apps in the public app store, I highly recommend you go read their research: Angry Birds Turns Five: What We Can Learn From The Franchise’s Success.


The Global Risk Environment Looks A Lot Different In The Age Of The Customer

Nick Hayes

Earlier today, we published a report that dissects global risk perceptions of business and technology management leaders. One of the most eye-popping observations from our analysis is how customer obsession dramatically alters the risk mindset of business decision-makers.

Out of seven strategic initiatives -- including “grow revenues,” “reduce costs,” and “better comply with regulations” -- “improve the experience of our customers” is the most frequently cited priority for business and IT decision-makers over the next 12 months. When you compare those “customer-obsessed” decision-makers (i.e. those who believe customer experience is a critical priority) with others who view customer experience as a lower priority, drastic differences appear in how they view, prioritize, and manage risk.

Customer obsession has the following effects on business decision-makers’ risk perceptions:

  • Risk concerns heighten dramatically across several risk types – especially reputational risk. Reputational risk concern more than doubles for customer-obsessed decision-makers, and other risks also see significant increases, including corporate social responsibility (CSR) and sustainability risk, regulatory and compliance risk, and talent and human capital risk.

The Millennium Falcon And Breach Responsibility

Rick Holland

Do you remember the scene from The Empire Strikes Back where the Millennium Falcon is trying to escape an Imperial Star Destroyer? Han Solo says, “Let’s get out of here, ready for light-speed? One… two… three!” Han pulls back on the hyperspace throttle and nothing happens. He then says, “It’s not fair! It’s not my fault! It’s not my fault!”

Later in the movie, when Lando and Leia are trying to escape Bespin, the hyperdrive fails yet again. Lando exclaims, “They told me they fixed it. I trusted them to fix it. It's not my fault!” In the first case the transfer circuits were damaged, and in the second case stormtroopers disabled the hyperdrive.

Ultimately they were at fault; they were the captains of the ship, and the buck stops with them. It doesn't matter what caused the problems, they were responsible; excuses don't matter when a Sith Lord is in pursuit.

I am seeing a trend where breached companies might be heading down a similar “it’s not my fault” path. Consider these examples:


THE MSSP MARKET IS GROWING MORE SOLID AND STABLE

Edward Ferrara

Forrester's 26-criteria evaluation of managed security service providers (MSSPs) published today! The report focuses on the 13 most significant vendors in the North American market — AT&T, CenturyLink, CSC, Dell SecureWorks, HP, IBM, Leidos, SilverSky, Solutionary/NTT, Symantec, Trustwave, Verizon, and Wipro. This report details how well each vendor met our criteria and where they stand in relation to each other. This report will help you refine your selection criteria and choose the right partner for your outsourced security needs.

You can get the report here: The Forrester Wave™: Managed Security Services: North America, Q4 2014

CLOUD SECURITY CONTINUES TO BE A WORK IN PROGRESS

Edward Ferrara

Cloud adoption has historically been hampered by security concerns. All of Forrester's research shows this to be the number one impediment to adoption. Forrester just finished evaluating four cloud platform providers on the depth and breadth of their security controls. This Forrester Wave™ evaluates four of the leading public clouds against 15 key security criteria. The participating cloud services providers were AWS, CenturyLink Cloud, IBM SoftLayer, and Microsoft Azure. This report details our findings about how well each vendor fulfills our criteria and where they stand in relation to each other, to help S&R professionals select the right public cloud partner with the best options for security controls and overall security capabilities.

The results can be found here: The Forrester Wave™: Public Cloud Platform Service Providers' Security, Q4 2014

Security & Risk Consultant Spotlight Podcast With Todd Barnum

Stephanie Balaouras

For the past few months, we've been using our newsletter and podcast to highlight one of our analysts on Forrester's Security & Risk Team. This month, we decided to interview an S&R consultant. Todd Barnum is our consulting director, a two-time CISO, and a leading expert in information security governance, design, and operations! Click below to hear our consultant spotlight on Todd. If you're not signed up for our newsletters, I highly encourage you to do so; please email srfl@forrester.com for additional details.


To download the MP3 version of the podcast, please click here.

More Money, More Problems For Security Organizations In 2015

Stephanie Balaouras

If you’re a security and risk leader, it’s either the best of times or the worst of times. Today, it feels as if not a week goes by without yet another revelation of a large-scale cyberattack targeting a trusted corporate brand. Suddenly, business executives who used to avoid you want to be your best friend and are looking at security as an integral piece of the business technology agenda. Why the sudden corporate conviviality? Well, now when there is a major customer breach, it’s not just your job that’s on the line, it’s their job on the line as well - and potentially up to $1 billion in corporate profits. This means that protecting customers’ data and preserving their privacy can no longer be limited to the CISO or chief privacy officer. In fact, if your company execs are smart, they’ll make it one of their top business and corporate social responsibilities in 2015 - and if they’re not, look for a new job, because you don’t want to be working there.
 
This is why we predict that in 2015 there will be:
 


Privacy Becomes A Competitive Differentiator In 2015

Heidi Shey

We are in a golden age of data breaches - just this week, the United States Post Office was the latest casualty - and consumer attitudes about data security and privacy are evolving accordingly. If your data security and privacy programs exist just to ensure you meet compliance, you’re going to be in trouble. Data (and the resulting insights) is power. Data can also be the downfall for an organization when improperly handled or lost.
 
In 2015, Forrester predicts that privacy will be a competitive differentiator. There is a maze of conflicting global privacy laws to address and business partner requirements to meet in today’s data economy. There’s also a fine line between cool and creepy, and often it’s blurred. Companies, such as Apple, are sensitive to this and adjusting their strategies and messaging accordingly. Meanwhile, customers — both consumers and businesses — vote with their wallets. 
 